This program allows you to monitor ipchains/iptables output in realtime. It supports both logging to a file/stdout and/or to tcpdump format capture logs. It also supports security features such as running non-root, and chrooting itself. This program has been known in the past as "Firestorm Firewall Monitor", however it shares no common code with firestorm.
You can address any bug reports, patches, questions etc.. to Gianni Tedesco <gianni at scaramanga dot co dot uk>
Firewall monitor is free software released under the
GNU GPL version 2.
Firewall Monitor is Copyright © 2001-2002 Gianni Tedesco.
Firewall monitor runs only under Linux due to the fact that it takes advantage of a Linux kernel specific functionality.
To run this on Linux 2.4 you will need the NETLINK iptables target which you can find in the latest version of iptables which (as far as I know) most distributions aren't shipping yet. If you run a redhat based distro you can try my rpms.
The latest version is 1.1.0
Version 1.1.0 Source code - Source RPM - 386 Linux RPM
Version 1.0.11 Source code - Source RPM - 386 Linux RPM - NOTE: this version fixes a permission problem with libpcap files
Version 1.0.10 Source code - Source RPM - 386 Linux RPM - NOTE: this version fixes a long standing crash bug.
Version 1.0.9 Source code - Source RPM - 386 Linux RPM
Version 1.0.8 Source code - Source RPM - 386 Linux RPM
Version 1.0.7 Source code - Source RPM - 386 Linux RPM - NOTE: This version has a remote DoS security flaw.
Version 1.0.6 Source code - Source RPM - 386 Linux RPM
02-07-01 13:17:48 [eth0] TCP 220.127.116.11:80 -> 192.168.254.3:20239 [AS] ttl=115 len=44
0000 : E..,.&@.s.n...5G 45 00 00 2C E1 26 40 00 73 06 6E D1 C3 E0 35 47
0010 : .....PO.1..,..._ C0 A8 FE 03 00 50 4F 0F 31 E7 F3 2C 1C 01 8A 5F
0020 : `."8.6.......... 60 12 22 38 A3 36 00 00 02 04 05 B4
Copyright (c) Spanish Inquisition 1478-1834. All rights reversed.